README

html-sanitizer is a library that handles, cleans and sanitizes HTML sent by external users
(whom you cannot trust), allowing you to store it and display it safely. It has sensible defaults
to provide a great developer experience while still being entirely configurable.

This repository is a Symfony bundle integrating the html-sanitizer
library into Symfony applications. It provides helpful tools on top of the sanitizer to easily use it in Symfony.

As you see, you can have multiple sanitizers available at the same time in your application.
Have a look at the library documentation to learn all the available
configuration options for the sanitizers themselves.

Usage in services

This bundle provides the configured sanitizer for autowiring using the interface
HtmlSanitizer\SanitizerInterface. This autowiring will target the default sanitizer defined
in the bundle configuration.

This means that if you are using autowiring, you can simply typehint SanitizerInterface in any
of your services to get the default sanitizer:
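
The constructor injection described above, as an added example that is not taken from the bundle's own documentation. The class name `CommentFormatter` and its namespace are assumptions; `sanitize()` is the method declared by the library's `SanitizerInterface`.

```php
<?php

namespace App\Comment; // hypothetical namespace, not part of the bundle

use HtmlSanitizer\SanitizerInterface;

/**
 * Hypothetical application service: cleans user-submitted comment HTML
 * at the trust boundary, before the value is stored or rendered.
 */
final class CommentFormatter
{
    /** @var SanitizerInterface */
    private $sanitizer;

    // With autowiring enabled, Symfony injects the default sanitizer
    // defined in the bundle configuration for this type-hint.
    public function __construct(SanitizerInterface $sanitizer)
    {
        $this->sanitizer = $sanitizer;
    }

    /**
     * Returns the sanitized form of the submitted HTML. What survives
     * depends entirely on how the default sanitizer is configured.
     */
    public function prepareForStorage(string $untrustedHtml): string
    {
        return $this->sanitizer->sanitize($untrustedHtml);
    }
}
```

Because the type-hint always resolves to the default sanitizer, check that its configuration is the one you want applied to this input.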

Usage in forms

This applies only if you have installed the Symfony Form component.

The main usage of the html-sanitizer is in combination with forms. This bundle provides a TextType extension
which allows you to automatically sanitize HTML of any text field or any field based on the TextType
(TextareaType, SearchType, etc.).

Backward Compatibility promise

Note: many classes in this library are either marked @final or @internal.
@internal classes are excluded from any Backward Compatibility promise (you should not use them in your code)
whereas @final classes can be used but should not be extended (use composition instead).